req.session.user is deleted while user is active

Multi tool use
Multi tool use











up vote
2
down vote

favorite
2












I set the session timeout to 30 minutes. While I am still active, req.session.user is deleted after 30 minutes. However, the session is still alive. Here's my config (i'm using express-session and passport.js):



app.use(session({

    store: new RedisStore(options),

    secret: <some_secret>,

    resave: false,

    saveUninitialized: false,

    cookie: {maxAge: 1800000}

}));



app.use(passport.initialize());

app.use(passport.session());



// Are these serializer/deserializer needed?

passport.serializeUser((user, done) => {

    done(null, user);

});

passport.deserializeUser((user, done) => {

    done(null, user);

});


In login:



router.post('/login', (req, res, next) => {

    passport.authenticate('ldapauth', {session: false}, (err, user, info) => {

        ...

        if (user) {

            req.session.user = {email: req.body.username};

        }

        next();

    })(req, res);

});


The verify code is like this:



isLoggedIn() {

    if (req.session && req.session.user) {

        return true;

    }

    return false;

}


I set the req.session.user to some object after I successfully logged in.



So, after 30 minutes, req.session.user is deleted, but req.session is still there and keeps on incrementing the expiry date since I am still actively working on the page.



Why is req.session.user deleted after 30 minutes? I thought passport rides on the session by express?






node.js passport.js







share|improve this question

















This question has an open bounty worth +50
reputation from iPhoneJavaDev ending in 4 days.


Looking for an answer drawing from credible and/or official sources.
















  • Please post the redis options. I suspect you set the expiration on the data.
    – niry
    2 days ago










  • I didn't set any expiration on Redis. In the options i only provide the client to connect to. Besides, even when i encountered the timeout, the session id remains in redis.
    – iPhoneJavaDev
    2 days ago










  • Just to clarify, with "encountered the timeout", I mean the req.session.user that I set got deleted after 30 minutes of still being active. I'm thinking there's something going on with passport, maybe, i'm not sure.
    – iPhoneJavaDev
    2 days ago















up vote
2
down vote

favorite
2












I set the session timeout to 30 minutes. While I am still active, req.session.user is deleted after 30 minutes. However, the session is still alive. Here's my config (i'm using express-session and passport.js):



app.use(session({

    store: new RedisStore(options),

    secret: <some_secret>,

    resave: false,

    saveUninitialized: false,

    cookie: {maxAge: 1800000}

}));



app.use(passport.initialize());

app.use(passport.session());



// Are these serializer/deserializer needed?

passport.serializeUser((user, done) => {

    done(null, user);

});

passport.deserializeUser((user, done) => {

    done(null, user);

});


In login:



router.post('/login', (req, res, next) => {

    passport.authenticate('ldapauth', {session: false}, (err, user, info) => {

        ...

        if (user) {

            req.session.user = {email: req.body.username};

        }

        next();

    })(req, res);

});


The verify code is like this:



isLoggedIn() {

    if (req.session && req.session.user) {

        return true;

    }

    return false;

}


I set the req.session.user to some object after I successfully logged in.



So, after 30 minutes, req.session.user is deleted, but req.session is still there and keeps on incrementing the expiry date since I am still actively working on the page.



Why is req.session.user deleted after 30 minutes? I thought passport rides on the session by express?






node.js passport.js







share|improve this question

















This question has an open bounty worth +50
reputation from iPhoneJavaDev ending in 4 days.


Looking for an answer drawing from credible and/or official sources.
















  • Please post the redis options. I suspect you set the expiration on the data.
    – niry
    2 days ago










  • I didn't set any expiration on Redis. In the options i only provide the client to connect to. Besides, even when i encountered the timeout, the session id remains in redis.
    – iPhoneJavaDev
    2 days ago










  • Just to clarify, with "encountered the timeout", I mean the req.session.user that I set got deleted after 30 minutes of still being active. I'm thinking there's something going on with passport, maybe, i'm not sure.
    – iPhoneJavaDev
    2 days ago













up vote
2
down vote

favorite
2









up vote
2
down vote

favorite
2






2





I set the session timeout to 30 minutes. While I am still active, req.session.user is deleted after 30 minutes. However, the session is still alive. Here's my config (i'm using express-session and passport.js):



app.use(session({

    store: new RedisStore(options),

    secret: <some_secret>,

    resave: false,

    saveUninitialized: false,

    cookie: {maxAge: 1800000}

}));



app.use(passport.initialize());

app.use(passport.session());



// Are these serializer/deserializer needed?

passport.serializeUser((user, done) => {

    done(null, user);

});

passport.deserializeUser((user, done) => {

    done(null, user);

});


In login:



router.post('/login', (req, res, next) => {

    passport.authenticate('ldapauth', {session: false}, (err, user, info) => {

        ...

        if (user) {

            req.session.user = {email: req.body.username};

        }

        next();

    })(req, res);

});


The verify code is like this:



isLoggedIn() {

    if (req.session && req.session.user) {

        return true;

    }

    return false;

}


I set the req.session.user to some object after I successfully logged in.



So, after 30 minutes, req.session.user is deleted, but req.session is still there and keeps on incrementing the expiry date since I am still actively working on the page.



Why is req.session.user deleted after 30 minutes? I thought passport rides on the session by express?






node.js passport.js







share|improve this question















I set the session timeout to 30 minutes. While I am still active, req.session.user is deleted after 30 minutes. However, the session is still alive. Here's my config (i'm using express-session and passport.js):



app.use(session({

    store: new RedisStore(options),

    secret: <some_secret>,

    resave: false,

    saveUninitialized: false,

    cookie: {maxAge: 1800000}

}));



app.use(passport.initialize());

app.use(passport.session());



// Are these serializer/deserializer needed?

passport.serializeUser((user, done) => {

    done(null, user);

});

passport.deserializeUser((user, done) => {

    done(null, user);

});


In login:



router.post('/login', (req, res, next) => {

    passport.authenticate('ldapauth', {session: false}, (err, user, info) => {

        ...

        if (user) {

            req.session.user = {email: req.body.username};

        }

        next();

    })(req, res);

});


The verify code is like this:



isLoggedIn() {

    if (req.session && req.session.user) {

        return true;

    }

    return false;

}


I set the req.session.user to some object after I successfully logged in.



So, after 30 minutes, req.session.user is deleted, but req.session is still there and keeps on incrementing the expiry date since I am still actively working on the page.



Why is req.session.user deleted after 30 minutes? I thought passport rides on the session by express?






node.js passport.js




node.js passport.js






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 9 at 1:46









Community

11




11










asked Nov 8 at 9:34









iPhoneJavaDev

2202730




2202730






This question has an open bounty worth +50
reputation from iPhoneJavaDev ending in 4 days.


Looking for an answer drawing from credible and/or official sources.








This question has an open bounty worth +50
reputation from iPhoneJavaDev ending in 4 days.


Looking for an answer drawing from credible and/or official sources.














  • Please post the redis options. I suspect you set the expiration on the data.
    – niry
    2 days ago










  • I didn't set any expiration on Redis. In the options i only provide the client to connect to. Besides, even when i encountered the timeout, the session id remains in redis.
    – iPhoneJavaDev
    2 days ago










  • Just to clarify, with "encountered the timeout", I mean the req.session.user that I set got deleted after 30 minutes of still being active. I'm thinking there's something going on with passport, maybe, i'm not sure.
    – iPhoneJavaDev
    2 days ago


















  • Please post the redis options. I suspect you set the expiration on the data.
    – niry
    2 days ago










  • I didn't set any expiration on Redis. In the options i only provide the client to connect to. Besides, even when i encountered the timeout, the session id remains in redis.
    – iPhoneJavaDev
    2 days ago










  • Just to clarify, with "encountered the timeout", I mean the req.session.user that I set got deleted after 30 minutes of still being active. I'm thinking there's something going on with passport, maybe, i'm not sure.
    – iPhoneJavaDev
    2 days ago
















Please post the redis options. I suspect you set the expiration on the data.
– niry
2 days ago




Please post the redis options. I suspect you set the expiration on the data.
– niry
2 days ago












I didn't set any expiration on Redis. In the options i only provide the client to connect to. Besides, even when i encountered the timeout, the session id remains in redis.
– iPhoneJavaDev
2 days ago




I didn't set any expiration on Redis. In the options i only provide the client to connect to. Besides, even when i encountered the timeout, the session id remains in redis.
– iPhoneJavaDev
2 days ago












Just to clarify, with "encountered the timeout", I mean the req.session.user that I set got deleted after 30 minutes of still being active. I'm thinking there's something going on with passport, maybe, i'm not sure.
– iPhoneJavaDev
2 days ago




Just to clarify, with "encountered the timeout", I mean the req.session.user that I set got deleted after 30 minutes of still being active. I'm thinking there's something going on with passport, maybe, i'm not sure.
– iPhoneJavaDev
2 days ago












1 Answer
1






active

oldest

votes

















up vote
-1
down vote













From: https://www.npmjs.com/package/connect-redis




ttl Redis session TTL (expiration) in seconds. Defaults to
session.cookie.maxAge (if set), or one day. This may also be set to a
function of the form (store, sess, sessionID) => number.




You can avoid deleting keys by setting disableTTL:




disableTTL Disables setting TTL, keys will stay in redis until evicted
by other means (overides ttl)







share|improve this answer





















  • I'm not sure about this as the sessionId remains in redis after the req.session.user got deleted.
    – iPhoneJavaDev
    2 days ago










  • Did you try actually it?
    – niry
    yesterday










  • At first, I didn't try it cause I think it's not related. Redis only stores the sessionId with key sess:<sessionId>. That's all. I think that's express-session's behavior, to store only the sessionId. So I don't think disabling TTL will do anything as req.session.user is not saved in redis. But then, I still try. I added store: new RedisStore({client: <myredisclient>, disableTTL: true}),. As expected, the same behavior. Because it's not related to req.session.user that I am setting.
    – iPhoneJavaDev
    yesterday













Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














 

draft saved


draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53204922%2freq-session-user-is-deleted-while-user-is-active%23new-answer', 'question_page');
}
);

Post as a guest


















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
-1
down vote













From: https://www.npmjs.com/package/connect-redis




ttl Redis session TTL (expiration) in seconds. Defaults to
session.cookie.maxAge (if set), or one day. This may also be set to a
function of the form (store, sess, sessionID) => number.




You can avoid deleting keys by setting disableTTL:




disableTTL Disables setting TTL, keys will stay in redis until evicted
by other means (overides ttl)







share|improve this answer





















  • I'm not sure about this as the sessionId remains in redis after the req.session.user got deleted.
    – iPhoneJavaDev
    2 days ago










  • Did you try actually it?
    – niry
    yesterday










  • At first, I didn't try it cause I think it's not related. Redis only stores the sessionId with key sess:<sessionId>. That's all. I think that's express-session's behavior, to store only the sessionId. So I don't think disabling TTL will do anything as req.session.user is not saved in redis. But then, I still try. I added store: new RedisStore({client: <myredisclient>, disableTTL: true}),. As expected, the same behavior. Because it's not related to req.session.user that I am setting.
    – iPhoneJavaDev
    yesterday

















up vote
-1
down vote













From: https://www.npmjs.com/package/connect-redis




ttl Redis session TTL (expiration) in seconds. Defaults to
session.cookie.maxAge (if set), or one day. This may also be set to a
function of the form (store, sess, sessionID) => number.




You can avoid deleting keys by setting disableTTL:




disableTTL Disables setting TTL, keys will stay in redis until evicted
by other means (overides ttl)







share|improve this answer





















  • I'm not sure about this as the sessionId remains in redis after the req.session.user got deleted.
    – iPhoneJavaDev
    2 days ago










  • Did you try actually it?
    – niry
    yesterday










  • At first, I didn't try it cause I think it's not related. Redis only stores the sessionId with key sess:<sessionId>. That's all. I think that's express-session's behavior, to store only the sessionId. So I don't think disabling TTL will do anything as req.session.user is not saved in redis. But then, I still try. I added store: new RedisStore({client: <myredisclient>, disableTTL: true}),. As expected, the same behavior. Because it's not related to req.session.user that I am setting.
    – iPhoneJavaDev
    yesterday















up vote
-1
down vote










up vote
-1
down vote









From: https://www.npmjs.com/package/connect-redis




ttl Redis session TTL (expiration) in seconds. Defaults to
session.cookie.maxAge (if set), or one day. This may also be set to a
function of the form (store, sess, sessionID) => number.




You can avoid deleting keys by setting disableTTL:




disableTTL Disables setting TTL, keys will stay in redis until evicted
by other means (overides ttl)







share|improve this answer












From: https://www.npmjs.com/package/connect-redis




ttl Redis session TTL (expiration) in seconds. Defaults to
session.cookie.maxAge (if set), or one day. This may also be set to a
function of the form (store, sess, sessionID) => number.




You can avoid deleting keys by setting disableTTL:




disableTTL Disables setting TTL, keys will stay in redis until evicted
by other means (overides ttl)








share|improve this answer












share|improve this answer



share|improve this answer










answered 2 days ago









niry

1,2991021




1,2991021












  • I'm not sure about this as the sessionId remains in redis after the req.session.user got deleted.
    – iPhoneJavaDev
    2 days ago










  • Did you try actually it?
    – niry
    yesterday










  • At first, I didn't try it cause I think it's not related. Redis only stores the sessionId with key sess:<sessionId>. That's all. I think that's express-session's behavior, to store only the sessionId. So I don't think disabling TTL will do anything as req.session.user is not saved in redis. But then, I still try. I added store: new RedisStore({client: <myredisclient>, disableTTL: true}),. As expected, the same behavior. Because it's not related to req.session.user that I am setting.
    – iPhoneJavaDev
    yesterday




















  • I'm not sure about this as the sessionId remains in redis after the req.session.user got deleted.
    – iPhoneJavaDev
    2 days ago










  • Did you try actually it?
    – niry
    yesterday










  • At first, I didn't try it cause I think it's not related. Redis only stores the sessionId with key sess:<sessionId>. That's all. I think that's express-session's behavior, to store only the sessionId. So I don't think disabling TTL will do anything as req.session.user is not saved in redis. But then, I still try. I added store: new RedisStore({client: <myredisclient>, disableTTL: true}),. As expected, the same behavior. Because it's not related to req.session.user that I am setting.
    – iPhoneJavaDev
    yesterday


















I'm not sure about this as the sessionId remains in redis after the req.session.user got deleted.
– iPhoneJavaDev
2 days ago




I'm not sure about this as the sessionId remains in redis after the req.session.user got deleted.
– iPhoneJavaDev
2 days ago












Did you try actually it?
– niry
yesterday




Did you try actually it?
– niry
yesterday












At first, I didn't try it cause I think it's not related. Redis only stores the sessionId with key sess:<sessionId>. That's all. I think that's express-session's behavior, to store only the sessionId. So I don't think disabling TTL will do anything as req.session.user is not saved in redis. But then, I still try. I added store: new RedisStore({client: <myredisclient>, disableTTL: true}),. As expected, the same behavior. Because it's not related to req.session.user that I am setting.
– iPhoneJavaDev
yesterday






At first, I didn't try it cause I think it's not related. Redis only stores the sessionId with key sess:<sessionId>. That's all. I think that's express-session's behavior, to store only the sessionId. So I don't think disabling TTL will do anything as req.session.user is not saved in redis. But then, I still try. I added store: new RedisStore({client: <myredisclient>, disableTTL: true}),. As expected, the same behavior. Because it's not related to req.session.user that I am setting.
– iPhoneJavaDev
yesterday




















 

draft saved


draft discarded



















































 


draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53204922%2freq-session-user-is-deleted-while-user-is-active%23new-answer', 'question_page');
}
);

Post as a guest






































































sW2LNOAGp3c1Z PeprBZ0Z8Aq,5ku 0zufQ1 v0 OC0H,cL66MB asWTuS8tv
-
PqkHrrPslFz3q0sa F,OaCN631,kiUzkTH

Popular posts from this blog

How to pass form data using jquery Ajax to insert data in database?

Image
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 1 I have 4 tables namely stud, country_master_academic,master_state and master_city. The main problem is that my form consists of many different fields like textbox, radio buttons, dropdown and an image file, so i am getting really confused. I can't insert data in database. Please help me. I tried many times but its not working. Thanks for the help in advance. Modal in home.php page <div class="container"> <div class="modal fade" id="add_data_modal" role="dialog"> <div class="modal-dialog"> <div class="modal-content"> ...
Read more

Guess what letter conforming each word

Image
6 $begingroup$ This is an entry in the Fortnightly Topic Challenge #41: Short and Sweet. 1 letter only could be mean anything . With an additional letter in front , could be used as medicine component and something you definitely learn or at least heard once. Add another letter in front , you would possibly hear that many times . Add an additional letter in front , you would found an independent country . With an additional letter, in the end , you would found something related to apple . Add another letter in the end , you would found something bad . Hint: Each letter is unique . word knowledge letters chemistry share | improve this question ...
Read more

Run scheduled task as local user group (not BUILTIN)

Image
0 I am trying to run a scheduled task with User Group (not a single user). This is working fine when I in the field "when running a task, use the following user account:" insert BUILTIN User Group (for example: Administrators or Users). But when I try it with the created Local User Group (example: TestGroup) it is not working. The Users in the TestGroup are the same as in the Administrators group. What could be the problem? Are there some restrictions to the Created User Group compared to BUILTINUsers? scheduled-tasks taskscheduler windowstaskschedule share | improve this question asked Nov 15 '18 at 15:36 Far...
Read more